Welcome!

Cloud Security Authors: Elizabeth White, Liz McMillan, Pat Romanski, Lisa Calkins, Mamoon Yunus

Related Topics: @CloudExpo, Cloud Security, Government Cloud

@CloudExpo: Article

Is Cloud Computing for Real?

Summary of Session by CIO of the National Reconnaissance Office at Cloud Expo New York

In October 2009, Enterprise Cloud Computing was considered bleeding edge technology by many but there was something that seemed different about its value potential and adoption rate. For CIOs, it seemed a chance to provision affordable infrastructure quickly, alleviating delays to mission critical deliveries. Federal CIOs interest in Enterprise Cloud Computing was limited to innovators and early adopters. Two years later, where does Enterprise Cloud Computing stand? Is it for real?



Today, Cloud Computing is on the Gartner® technology hype curve in the “peak of inflated expectations” category. Its placement on the curve—even though we all should prepare for the dreaded “trough of disillusionment” dip—indicates Cloud Computing is, indeed, for real. There are other indicators of note also. CIOs across the board are focused on the success Cloud Computing can deliver. Vendors are sparring with each other to obtain space in Gartner’s Magic Quadrant. The Federal CIO has issued a “Cloud First” policy and published the first Federal Cloud Computing Strategy. And, it’s been featured in the hit comic strip Dilbert—a pop culture indicator worth noting!

Federal agencies need IT solutions that can handle current missions—from supporting counter-terrorism to combating proliferation of weapons of mass destruction--and we need IT that can handle global surge demands based on fluctuating world events and natural disasters. Federal IT must be efficiently adaptable and properly affordable to meet evolving mission needs. It must be capable of keeping pace with the exponential growth of data, including the increasing complexities of maintaining legal and regulatory compliance of information management and assurance.

As a CIO, building your cloud strategy can be confusing as there are many options to consider before making a decision. Cloud Computing can deliver within a variety of characteristics. Each CIO will need to consider the characteristics of primary importance in order to properly center a strategy. For example, determining your needs for rapid elasticity, on-demand self-service, global access, and payment options will be necessary to develop the right strategy. The second consideration for a CIO is just how far up the stack she wants to go. Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) each deliver different features and capabilities for your business. You can develop a plan that includes some or all of the Services. Finally, a CIO needs to think about the deployment model(s) that best fit her business (Public, Private, Community, and Hybrid).

Cloud Computing isn’t perfect; there are concerns to manage and mistakes to avoid. The number one concern remains Security and that’s given rise to Enterprise Cloud Computing deployments and private clouds. But, there are other concerns also such as the skill set of your workforce, requirements for compliance verification, legacy baseline migration, and costs. For example, depending on the percentage of your legacy that can successfully transition to Cloud, your cost-benefit equation may not provide sufficient return for the investment.

Common mistakes to avoid include: assuming Cloud Computing is for everything; planning for a “light switch” migration from legacy to new; selecting only one vendor and creating early lock-in; underestimating the cultural change required by your own IT team; and implementing a bunch of mini- clouds in your existing data closets.

We’ve spent 18 months developing the National Reconnaissance Office (NRO) IT strategy and roadmap; we gave it a lot of thought but it is just an example and not the only way to move forward. Our cloud delivery model will be private first and then a hybrid of private and community (with our Intelligence Community colleagues). We’re moving our way up the stack starting with IaaS and PaaS first, then SaaS. And, we are focused on a phased revolutionary approach—building a new environment as a green field.

Our planning has highlighted the need to focus attention on management of the NRO Cloud. Defining specific roles and responsibilities, articulating cloud service level agreements between the provider and users, adjusting organizational constructs to fit the Cloud business model, and streamlining configuration control processes to meet the rapid timelines of provisioning must all be addressed if success is to be achieved. Our planning also indicated the NRO mission would not be served by a CPU-based commodity cloud alone. We also need a high-performance cloud that is GPU-based and we are learning there are industry gaps in this area.

The NRO Cloud strategy won’t be too different from how other Federal agencies adopt Cloud Computing. Most agencies processing classified information are focused on private clouds versus public clouds for security and information management/assurance reasons. Over time, though, I believe federal community clouds will emerge, as will private hybrid clouds, which allow agencies to maintain a private space as well as take advantage of federal community clouds.

The NRO Cloud will be implemented in four phases over the course of 6 years. It’s a complex migration necessarily paced to meet federal budget processes, existing acquisition commitments, and mission service imperatives.

  • Phase 1 – Test It. We have multiple small cloud pilots ongoing covering commodity/utility cloud, high performance cloud, and big data cloud. We are focused on streamlining information assurance compliance, developing appropriate policies and processes, and defining standards.
  • Phase 2 – Prove It. In this phase, we will merge successful elements from Phase 1, finalize policies, prototype management and governance changes necessary for cloud provisioning models, refine standards, realign programs as needed, and ensure enterprise foundation capabilities meet mission demands.
  • Phase 3 – Use It. Scaled deployment of the enterprise Cloud will occur. Applications will develop specific transition and migration plans generally aligned with planned refresh cycles. Service management processes and new centralized information assurance approaches will be refined for long-term success.
  • Phase 4 – Exploit It. The NRO Cloud will emerge as the primary Enterprise Infrastructure Services Provider with robust measures of effectiveness, performance accountability, and service transparency. New mission and business applications will emerge through innovations in Cloud Computing and federation with the IC Cloud will be achieved moving the NRO into a hybrid environment.

In summary, the time for Cloud Computing is now. All of the indicators are in place to suggest a rapid and successful migration to this newest generation of IT architecture. It is not a one-size-fits-all migration. CIOs will need to spend time exploring Cloud Computing solutions to find the combination that best responds to specific mission and business needs. Maintaining awareness of the concerns and mistakes is absolutely necessary and security remains the top concern. Security is a huge focus for IT vendors and creative, robust solutions will be constantly emerging to reduce concerns. Large organizations will increasingly turn to Enterprise Cloud Computing strategies to achieve efficiencies of Cloud Computing while reducing risks of exposure for intellectual property, customer privacy, and competitive strategies.

More Stories By Jill Tummler Singer

Jill Tummler Singer is CIO for the National Reconnaissance Office (NRO)- which as part of the 16-member Intelligence Community plays a primary role in achieving information superiority for the U.S. Government and Armed Forces. A DoD agency, the NRO is staffed by DoD and CIA personnel. It is funded through the National Reconnaissance Program, part of the National Foreign Intelligence Program.

Prior to joining the NRO, Singer was Deputy CIO at the Central Intelligence Agency (CIA), where she was responsible for ensuring CIA had the information, technology, and infrastructure necessary to effectively execute its missions. Prior to her appointment as Deputy CIO, she served as the Director of the Diplomatic Telecommunications Service (DTS), United States Department of State, and was responsible for global network services to US foreign missions.

Singer has served in several senior leadership positions within the Federal Government. She was the head of Systems Engineering, Architecture, and Planning for CIA's global infrastructure organization. She served as the Director of Architecture and Implementation for the Intelligence Community CIO and pioneered the technology and management concepts that are the basis for multi-agency secure collaboration. She also served within CIA’s Directorate of Science and Technology.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
Elad Israeli 06/20/11 08:48:00 AM EDT

I can relate to many points you list here. I come from the business intelligence space, where the Cloud and SaaS are way overly hyped - mainly due to some startups in the space.

http://tinyurl.com/saas-bi

@ThingsExpo Stories
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, shared examples from a wide range of industries – including en...
Detecting internal user threats in the Big Data eco-system is challenging and cumbersome. Many organizations monitor internal usage of the Big Data eco-system using a set of alerts. This is not a scalable process given the increase in the number of alerts with the accelerating growth in data volume and user base. Organizations are increasingly leveraging machine learning to monitor only those data elements that are sensitive and critical, autonomously establish monitoring policies, and to detect...
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. Jack Norris reviews best practices to show how companies develop, deploy, and dynamically update these applications and how this data-first...
Intelligent Automation is now one of the key business imperatives for CIOs and CISOs impacting all areas of business today. In his session at 21st Cloud Expo, Brian Boeggeman, VP Alliances & Partnerships at Ayehu, will talk about how business value is created and delivered through intelligent automation to today’s enterprises. The open ecosystem platform approach toward Intelligent Automation that Ayehu delivers to the market is core to enabling the creation of the self-driving enterprise.
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta Chakraborty, Chief Customer Officer at Ayasdi, will provide a tactical framework to become a truly intelligent enterprise, including how to identify the right applications for AI, how to build a Center of Excellence to ...
Consumers increasingly expect their electronic "things" to be connected to smart phones, tablets and the Internet. When that thing happens to be a medical device, the risks and benefits of connectivity must be carefully weighed. Once the decision is made that connecting the device is beneficial, medical device manufacturers must design their products to maintain patient safety and prevent compromised personal health information in the face of cybersecurity threats. In his session at @ThingsExpo...
From 2013, NTT Communications has been providing cPaaS service, SkyWay. Its customer’s expectations for leveraging WebRTC technology are not only typical real-time communication use cases such as Web conference, remote education, but also IoT use cases such as remote camera monitoring, smart-glass, and robotic. Because of this, NTT Communications has numerous IoT business use-cases that its customers are developing on top of PaaS. WebRTC will lead IoT businesses to be more innovative and address...
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution and join Akvelon expert and IoT industry leader, Sergey Grebnov, in his session at @ThingsExpo, for an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Because IoT devices are deployed in mission-critical environments more than ever before, it’s increasingly imperative they be truly smart. IoT sensors simply stockpiling data isn’t useful. IoT must be artificially and naturally intelligent in order to provide more value In his session at @ThingsExpo, John Crupi, Vice President and Engineering System Architect at Greenwave Systems, will discuss how IoT artificial intelligence (AI) can be carried out via edge analytics and machine learning techn...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, discussed the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insights from the vast t...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
Recently, IoT seems emerging as a solution vehicle for data analytics on real-world scenarios from setting a room temperature setting to predicting a component failure of an aircraft. Compared with developing an application or deploying a cloud service, is an IoT solution unique? If so, how? How does a typical IoT solution architecture consist? And what are the essential components and how are they relevant to each other? How does the security play out? What are the best practices in formulating...
In his session at @ThingsExpo, Arvind Radhakrishnen discussed how IoT offers new business models in banking and financial services organizations with the capability to revolutionize products, payments, channels, business processes and asset management built on strong architectural foundation. The following topics were covered: How IoT stands to impact various business parameters including customer experience, cost and risk management within BFS organizations.
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
SYS-CON Events announced today that Elastifile will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Elastifile Cloud File System (ECFS) is software-defined data infrastructure designed for seamless and efficient management of dynamic workloads across heterogeneous environments. Elastifile provides the architecture needed to optimize your hybrid cloud environment, by facilitating efficient...